Firewall Wizards mailing list archives

Re: Syslog monitoring and usage.


From: Greg Skouby <gskouby () sitesnow com>
Date: Tue, 13 Jul 2004 16:11:50 -0400

On Mon, Jul 12, 2004 at 01:54:07PM -0400, Chad Thomsen wrote:
> I am trying to learn the ins and outs of using Syslog.  I am at my
> second job where I have installed and configured another Pix, but have
> never really got into Syslog.  I am currently using KIWI syslog daemon.
> I would like to better find out what the messages mean, and how to track
> down port scans, and other security related issues that syslog may
> reveal. To sum it up I want to be able to have a good understanding of a
> log file that comes from a Pix.


You are not going to get automated reporting of portscans using the syslog features of the pix. 
It sends per packet information to the syslog facility so it is left up to the user to come
up with some solution to grep information out of the syslog info. 

Do not try to use the pix as an IDS solution. There are plenty of good open source implementations
of IDS that you can set up, see http://www.snort.org.

See this page for information about certain events generated by the pix:
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/63syslog/pixemsgs.htm

--Greg
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
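As an added illustration of the "grep information out of the syslog info" approach Greg describes (this is example code written for this archive page, not something from the original thread or from Cisco): a small Python script that parses PIX 106023 "Deny" messages, whose layout is documented in the Cisco syslog message reference linked above, and reports any source that was denied on many distinct destination ports. The sample log lines, the threshold of 10 ports, and all function names are constructed assumptions for the example.

```python
import re
from collections import defaultdict

# Pattern for the PIX-4-106023 "Deny <proto> src <if>:<ip>/<port> dst <if>:<ip>/<port>"
# message. Group names are our own; the message layout follows the Cisco reference.
DENY_RE = re.compile(
    r"%PIX-4-106023: Deny (?P<proto>\w+) "
    r"src (?P<src_if>[\w-]+):(?P<src>[\d.]+)/(?P<sport>\d+) "
    r"dst (?P<dst_if>[\w-]+):(?P<dst>[\d.]+)/(?P<dport>\d+)"
)

# Constructed sample log as a Kiwi-style syslog file might hold it: one source
# (198.51.100.7) probing 12 ports on 10.0.0.5, one benign source denied twice,
# and one unrelated "Built connection" message that the parser must skip.
SAMPLE_LOG = "\n".join(
    ['Jul 13 16:11:%02d 10.0.0.1 %%PIX-4-106023: Deny tcp src outside:198.51.100.7/%d '
     'dst inside:10.0.0.5/%d by access-group "outside_in"' % (i, 40000 + i, port)
     for i, port in enumerate([21, 22, 23, 25, 53, 80, 110, 135, 139, 443, 445, 3389])]
    + [
        'Jul 13 16:12:01 10.0.0.1 %PIX-4-106023: Deny tcp src outside:203.0.113.9/51000 '
        'dst inside:10.0.0.5/80 by access-group "outside_in"',
        'Jul 13 16:12:02 10.0.0.1 %PIX-4-106023: Deny udp src outside:203.0.113.9/51001 '
        'dst inside:10.0.0.6/443 by access-group "outside_in"',
        'Jul 13 16:12:03 10.0.0.1 %PIX-6-302013: Built inbound TCP connection 1234 '
        'for outside:203.0.113.9/51002 (203.0.113.9/51002) to inside:10.0.0.5/25 (10.0.0.5/25)',
    ]
)


def parse_denies(lines):
    """Yield one dict per 106023 Deny line; lines of any other message type are ignored."""
    for line in lines:
        m = DENY_RE.search(line)
        if m:
            rec = m.groupdict()
            rec["sport"] = int(rec["sport"])
            rec["dport"] = int(rec["dport"])
            yield rec


def flag_scanners(lines, port_threshold=10):
    """Return {src_ip: sorted list of (dst_ip, dport)} for sources denied on
    at least port_threshold distinct destination host/port pairs.

    The threshold is an assumed tuning value; a real deployment would pick it
    from the site's own traffic and also window the count by time.
    """
    targets = defaultdict(set)
    for rec in parse_denies(lines):
        targets[rec["src"]].add((rec["dst"], rec["dport"]))
    return {
        src: sorted(pairs)
        for src, pairs in targets.items()
        if len(pairs) >= port_threshold
    }


if __name__ == "__main__":
    for src, pairs in flag_scanners(SAMPLE_LOG.splitlines()).items():
        ports = ", ".join("%s/%d" % p for p in pairs)
        print("possible scan from %s: %d denied targets (%s)" % (src, len(pairs), ports))
```

Run against a real Kiwi log file, the same two functions work unchanged because the regex anchors on the PIX message ID rather than on the syslog timestamp prefix; to reduce false positives from a single chatty host, count distinct host/port pairs per source within a sliding time window rather than over the whole file.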